CVE-2018-19865 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 73%

Vendor	Product	Version
qt	qt	5.7.0 ≤ 𝑥 ≤ 5.7.1
qt	qt	5.9.0 ≤ 𝑥 ≤ 5.9.7
qt	qt	5.10.0 ≤ 𝑥 ≤ 5.10.1
qt	qt	5.11.0 ≤ 𝑥 < 5.11.3
qt	qt	5.8.0
opensuse	leap	15.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

qtvirtualkeyboard-opensource-src

bullseye	5.15.2+dfsg-2 fixed
bookworm	5.15.8+dfsg-2 fixed
sid	5.15.15+dfsg-2 fixed
trixie	5.15.15+dfsg-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

qtvirtualkeyboard-opensource-src

noble	needs-triage
mantic	ignored
lunar	ignored
kinetic	ignored
jammy	needs-triage
impish	ignored
hirsute	ignored
groovy	ignored
focal	needs-triage
eoan	ignored
disco	ignored
cosmic	ignored
bionic	needs-triage
xenial	dne
trusty	dne

Common Weakness Enumeration

CWE-532 - Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References

http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00085.html

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00086.html

https://codereview.qt-project.org/#/c/243666/

https://codereview.qt-project.org/#/c/244569/

https://codereview.qt-project.org/#/c/244687/

https://codereview.qt-project.org/#/c/244845/

https://codereview.qt-project.org/#/c/245283/

https://codereview.qt-project.org/#/c/245293/

https://codereview.qt-project.org/#/c/245312/

https://codereview.qt-project.org/#/c/245638/

https://codereview.qt-project.org/#/c/245640/

https://codereview.qt-project.org/#/c/246630/

http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00085.html

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00086.html

https://codereview.qt-project.org/#/c/243666/

https://codereview.qt-project.org/#/c/244569/

https://codereview.qt-project.org/#/c/244687/

https://codereview.qt-project.org/#/c/244845/

https://codereview.qt-project.org/#/c/245283/

https://codereview.qt-project.org/#/c/245293/

https://codereview.qt-project.org/#/c/245312/

https://codereview.qt-project.org/#/c/245638/

https://codereview.qt-project.org/#/c/245640/

https://codereview.qt-project.org/#/c/246630/